Angular core version 4.2.0 represents an iteration over the 4.1.3 release, building upon the foundation of the core Angular framework. Both versions share the same fundamental purpose: providing the core building blocks for Angular applications. Examining the package metadata reveals a key distinction: version 4.2.0 introduces a direct dependency on tslib with a version constraint of ^1.7.1. This inclusion suggests augmented TypeScript helper functionalities utilized within the Angular core, potentially optimizing compiled output or leveraging new language features for improved performance or code generation.
Developers upgrading from 4.1.3 to 4.2.0 should be aware of this new dependency. While tslib is generally a lightweight addition, understanding its role in the Angular compilation process can aid in debugging and optimization efforts. Peer dependencies, namely rxjs version ^5.0.1 and zone.js version ^0.8.4, remain consistent across both versions, signifying a continued reliance on these reactive programming and asynchronous task management libraries. The consistent peer dependencies ensures a smoother update process, as developers likely already have these packages installed in their projects. The release cadence, with 4.2.0 arriving roughly three weeks after 4.1.3, suggests a focus on incremental improvements and bug fixes rather than a complete overhaul of the framework.
All the vulnerabilities related to the version 4.2.0 of the package
Cross site scripting in Angular
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 10.2.5, 11.0.5 or 11.1.0-next.3 is advised to to address this issue.
